Get Started

PenTest+

CompTIA PenTest+ validates your ability to identify, mitigate, and report system vulnerabilities. Covering all stages of penetration testing across attack surfaces like cloud, web apps, APIs, and IoT, it emphasizes hands-on skills such as vulnerability management and lateral movement. This certification equips you with the expertise to advance your career as a penetration tester or security consultant.

Skills you'll learn

Plan and scope penetration tests while ensuring compliance with legal and ethical requirements, and develop detailed reports with remediation recommendations to support engagement management.

Perform active and passive reconnaissance, gather information, and enumerate systems to uncover vulnerabilities effectively.

Conduct vulnerability scans, analyze results, and validate findings to identify and address security weaknesses.

Execute network, host-based, web application, and cloud-based attacks using appropriate tools and techniques to test system defenses.

Maintain persistence, perform lateral movement, and document findings to support remediation efforts during post-exploitation activities.

Exam Details

Exam version: V3

Exam series code: PT0-003

Launch date: December 17, 2024

Number of questions: maximum of 90, including multiple-choice and performance-based questions

Length of test: 165 minutes

Passing score: 750 (on a scale of 100–900)

Recommended experience:  3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge

Languages: English, French, Japanese, and Portuguese

Retirement of the previous exam: June 17, 2025

Retirement: Usually three years after launch (estimated 2027)

PenTest+ (V3) exam objectives summary

  • Planning and scoping: defining rules of engagement, testing windows, and target selection.
  • Legal and ethical compliance: ensuring authorization letters, mandatory reporting, and adherence to regulations.
  • Collaboration and communication: aligning with stakeholders through peer reviews, escalation paths, and risk articulation.
  • Penetration test reports: creating reports with executive summaries, findings, and remediation recommendations.

  • Active and passive reconnaissance: gathering information using open-source intelligence (OSINT), network sniffing, and protocol scanning.
  • Enumeration techniques: performing DNS enumeration, service discovery, and directory enumeration.
  • Reconnaissance tools: using tools like Nmap, Wireshark, and Shodan for information gathering.
  • Script modification: customizing Python, PowerShell, and Bash scripts for reconnaissance and enumeration.

  • Vulnerability scans: conducting authenticated, unauthenticated, static application security testing (SAST) and dynamic application security testing (DAST).
  • Result analysis: validating findings, troubleshooting configurations, and identifying false positives.
  • Discovery tools: using tools like Nessus, Nikto, and OpenVAS for vulnerability discovery.

  • Network attacks: performing VLAN hopping, on-path attacks, and service exploitation.
  • Authentication attacks: executing brute-force attacks, pass-the-hash, and credential stuffing.
  • Host-based attacks: conducting privilege escalation, process injection, and credential dumping.
  • Web application attacks: performing SQL injection, cross-site scripting (XSS), and directory traversal.
  • Cloud-based attacks: exploiting container escapes, metadata service attacks, and identity and access management (IAM) misconfiguration.
  • AI attacks: explaining prompt injection and model manipulation against artificial intelligence systems.

  • Post-exploitation activities: establishing persistence, performing lateral movement, and cleaning up artifacts.
  • Documentation: creating attack narratives and providing remediation recommendations.

Contact Us For More Enquiries

Ready to take the next step? Fill out the form below to get started, and our team will reach out to guide you through the enrollment process. We’re excited to help you begin your journey!

Contact Us Form
Shopping Basket